New PINs and On-Demand Tokencodes for Authentication Agents and RADIUS Clients
On-demand tokencodes always require a PIN. As a result, an administrator cannot clear the PIN of a user with an on-demand tokencode without assigning a temporary PIN. The user experience of changing the PIN of an on-demand tokencode depends on the method used to request the tokencode.
For a tokencode requested through an authentication agent or RADIUS client:
The user attempts to access a protected resource, and the agent prompts the user to enter a User ID and passcode.
When prompted for the passcode, the user enters the current PIN, which could be an expiring PIN or a temporary PIN assigned by the administrator.
The agent prompts the user to enter a new PIN and to confirm the new PIN.
The user enters a new PIN and confirms the new PIN.
The agent prompts the user to enter a passcode.
The user enters the new PIN.
AM sends the on-demand tokencode to the user.
When the agent prompts the user for next tokencode, the user enters the received on-demand tokencode.
Related Articles
Educating Your Users Number of Views RSA SecurID Authentication Agent 8.1 for PAM Release Notes (French) Number of Views Configure an IPv4/IPv6 Agent Number of Views Delete a Persistent IPv4 or IPv6 Static Route Number of Views RSA SecurID Authenticator 6.1.1 for Windows Administrator's Guide Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
